Slashdot Mirror
US DOJ Say They Don't Need Warrants For E-Mail, Chats
gannebraemorr writes "The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal. Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail."
Keep knock'n back that cool-aid
to be watched by the Government.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
How can I vote pro-forth-amendment?
Does the same logic mean that the government can not reject FOI requests for emails and can not redact anything in emails?
I am TheRaven on Soylent News
Maybe we should create an amendment to the constitution that makes this issue more clear regarding illegal search.
Oh, wait... http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
well then maybe we should create a law that clarifies the position a bit further
Oh, wait.. http://www.justice.gov/opcl/privstat.htm
ok, well maybe we will have courts decide that emails are personal property
Oh, wait... http://wiki.answers.com/Q/Are_emails_personal_property
when/where does it end?
If you can sniff the network and easily read what I sent then fine. If I secure my emails so they don't appear in plain text then I think you do. If you secure your communication then you should require a warrant, because otherwise anyone could read what I send and I should have no expectation of privacy with my communications.
People keep claiming that they want to keep their guns because they need to protect themselves if their rights are taken away by the government...
HELLO???? At what point do you start defending yourselves? Your rights are being slowly stripped away and have been over the course of the last 30 years, and nobody does anything?
Even when the Stormtroopers are patrolling the streets, and curfew after dark is in place and people are afraid to speak against the government, or talk on their phones, with your neighbors turning each other in for 'treason'... you'll all still be sitting on your guns waiting for the government to take away your rights.
If telephones are outlawed, then only outlaws will have telephones.
things like policies on "unopened" email older than 180 days. Are we talking about the 'seen' flag being set? or the file being opened? yeah, of course government law enforcement agencies want the power to snoop on this kind of stuff but it sounds like theyre doing it without a warrant to get around the fact that most judges are completely ignorant about email and electronic communication.
then again judges have ruled in the past the FBI does not have this kind of broad jurisdiction to warrantlessly read email, so maybe they really are just ignoring the rulings?
either way, its been proven by multiple school shootings and a recent bombing that spy-on-the-whole-country technology is worthless. it doesnt help anyone prevent or prove crime, it only enables precrime and thoughtcrime to be used as fodder for law enforcement careers and budget proposals.
Good people go to bed earlier.
Aleksandr I. Solzhenitsyn
Peace is easy to achieve, just surrender. Liberty is much harder get/keep.
Cue the flamebait accusations....
I'm can't disagree with the U.S. Government's position on this one. If data is sent via the Internet, the world's biggest public network, and isn't encrypted, then why should anybody need anything to read it? Unreasonable search and seizure doesn't apply when one person is talking to another person on a street corner...or on the world's biggest public network.
Encrypt your messages and then an argument can be made for 4th Amendment violations.
"Pentagon spokesman George Little said, 'We have repeatedly stated that . . . our forces were unable to reach it in time to intervene to stop the attacks.'
These are essentially the same people who had solid intel that could have prevented the 9/11/2001 attacks, but did nothing with it.
Considering recent history, believing a word these vile fucks say is suckerdom to the n-th degree.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
and should be treated as such. Do you think a post card is a secure way to communicate with someone? If you want your messages to be relatively secure, encrypt them so only the two parties conversing will know the contents. Then they would need a court order to get the encryption key ( if said encryption key doesn't violate your 5th amendment right to not self-incriminate).
I think its better to encrypt everything, rather than having some off-handed comment taken out of context. I have had 0 luck of convincing anyone else I communicate with to employ such measures though, so eh... Face to face communication is more secure anyways.
Will someone be arrested for obstruction?
...show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail."
That implies that Obama really is trying to keep his promise about transparency, but he is fighting his own organization. The article doesn't mention Obama at all though.
...the marches and protests on Washington Mall, complete with giant presidential effigies and Hitler mustaches.
The FBI is reading /s posts. You have been warned.
I'd be more worried about them reading /b posts honestly.
People aren't encrypting enough...
Its clearly too easy for them. If we encrypt more then they might have a harder time violating rights.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Yes, those all apply to email in your possession. But, not necessarily to those stored with third parties. It's called the Third Party Doctrine.
http://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/
In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.
We don't need no stinking badges!
A pox on web designers who feel that window.innerWidth == screen.availWidth
I would have to agree. Much as I dislike it, there is no privacy, "on my watch". Too many digital cameras with photos to facebook. Too many security cameras. To much data collection. I am sure my bank has a better idea of how much I actually drive, and where I go, based on where I use my debit and credit cards. So, yeah. Privacy? Not on my watch, not until the end of civilization as we have come to know it.
If data is sent via the Internet, the world's biggest public network, and isn't encrypted, then why should anybody need anything to read it? . . .
Encrypt your messages and then an argument can be made for 4th Amendment violations.
You're not distinguishing between data in transit and data at rest. And it's an important distinction. Using Google's mail service as an example, my gmail is encrypted in transit via SSL. Always. I use HTTPS-Everywhere plugin to ensure that.
That said, I don't know how Google stores it while it rests on their servers, but it is in that state that the government claims they have a right to inspect it without a warrant. I hope it's encrypted, but it's not under my direct control. And it sounds like government is insisting Google not only give them access but share any keys they use to encrypt the data at rest. That means, if it is encrypted on their servers, that only helps protect it from hackers and accidental disclosure, not from authorized (by Google) agents.
The solution, as you hinted at, would be to encrypt your messages with something like PGP or GnuPG before sending them (in transit) or storing them (at rest) in either your or the recipient's mailbox. That puts the encryption keys squarely under your control, and makes the stored ciphertext inaccessible to the government, but comes with its own usability and key management issues. It's not something your everyday user is going to be comfortable with.
I don't believe that should mean that the less technically adept experience less privacy, but that's just my humble opinion...
Really. Carnivore has been around for 15 years.
When your government starts telling you that, it is a sign that you are having a crisis and need to swap out your government for a new one before it becomes impossible to do so.
It may already be too late.
"Comments owned by the poster."
I will believe that when they add an "edit" button at least for a short while after posting.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
Corporations are people, humans aren't.
Money is speech, writing isn't.
Democracy has sold out.
Didn't you get the memo?
movetoamend.org if you don't like it.
It's really not a stretch for what they currently have permission to do when you think about it. If your private communications are stored at a remote location with a private entity, then there's a precedence for allowing the government to access that information. In the same way the government is forbidden from maintaining their own databases of this data, but they're permitted to license it from a private entity.
Absolutely a terrible idea IMO, but it shows you how far the government can and will go when you cede seemingly innocuous rights.
I swear to God...I swear to God! That is NOT how you treat your human!
The subject is misleading as to my stance on the issue.
The fact that they want to prepend "electronic" to the notion of privacy is disgusting. It's as if the medium has any bearing on the question of 4th amendment rights. It doesn't and shouldn't.
The nature of the medium itself could b a determining factor, but the fact is that email, for example, has a sender and an intended recipient. It is transmitted over the public internet, of course, but is this really so different than the US Mail which is already unquestionably protected under the 4th?
Your mistake is the "I think Obama and the Democratic Party stand for" part.
It's pretty clear if you read enough history that the Democratic Party doesn't actually stand for much of what their PR guys want you to think they stand for.
Ditto Obama.
And for those who are about to mod me Flamebait/Troll, ditto the Republican Party.
Alas, can't go into Romney and McCain the same way, because I didn't vote for either of them, and never even considered the possibility of voting for either of them, so I didn't listen to them enough to find out whether they were hypocrites.
"I do not agree with what you say, but I will defend to the death your right to say it"
Email, phone records, bank statements, etc. are all business records in the possession of a third party (i.e. your provider). Anybody can lawfully subpoena those records...
Maybe it's just because I'm a lawyer, but you have no right to privacy in something that you don't control and that other folks (read: employees of your provider) have access to.
The DoJ is the logical equivalent of the local cops. They are the 'hired muscle' used to bring suspects before the court system for trial and to prosecute them (represent the public's case in criminal trials). They don't make the law. Nor do they apply it to individual cases.
Of course, the cops are going to claim as much power as they can get away with.
Have gnu, will travel.
As a Democrat who follows the standard array of leftie fora, I can assure you that (1) nobody in the progressive, activist core of the party likes Holder even slightly, and (2) the majority of us are quite open about it. That includes not a few of us who on balance like his boss.
As for our Democratic senators, too many of them are old, coming from a time when success in politics required bowing to "law and order." And a number of them were prosecutors in their younger life. Younger Democrats are, almost across the board, left-libertarian and wish Holder were impeached as a traitor to the Constitution. In his earlier career he was a lawyer serving the big investment banks. He still is. We're all shamed by him.
"with their freedom lost all virtue lose" - Milton
All we need is email programs that perform a Diffie-Hellman key exchange during the first few emails you exchange with anybody
As always, the hardest part of practical cryptography is key management. What you are talking about is opportunistic encryption. It won't actually prevent decryption but it will force the attacker to do an active Man-In-The-Middle attack, which can be detected after the fact.
This should be the default mode of operation for PGP mail. Whenever you send an email it should append your public key into the headers. As soon as your interlocutor responds, he can encrypt his reply and sign with his own public key, so all messages but the first one are encrypted. It should just work, nothing should be exposed to the user except a small keylock, which he can click if he's so inclined and verify things like key thumbprint etc. to detect tampering and/or explore full PGP functionality.
For an environment such as webmail, this still offers zero security: you either keep the private key on the server, or you do the encryption operations on the clients's side. Since Javascript run-time a href=http://www.matasano.com/articles/javascript-cryptography/>is malleable it's very easy to retrieve the private key or the plain text back from the user when the government asks you.
stick mobile,computer or electronic before the description/thing and you can re patent existing patents. If its data you have to rights....
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
The gun issue not withstanding, the Government's attack on the Second Amendment is horrific and sets up really bad precidence for the Fourth Amendment, First Amendment, as well as others.
FOURTH AMENDMENT
Just think: In order to exercise your Fourth Amendment rights against unreasonable search and seizure, the Government needs to perform a background check on you to ensure that you are an upstanding citizen.
FIRST AMENDMENT
In order to exercise your First Amendment rights, you are subject to a three day waiting period. You may only use media types approved by the Government. Discourses conducted through media not sanctioned is a felony.
etc.
Will RTFA in a moment, but here's a starter response:
We all know that an email is as secure a postcard. So, yeah, maybe one or two might be intercepted occasionally. But that does not lead logically to the expectation that someone intentionlly reading all of the thousands of emails I send a year is not a violation of the fourth Amendment (unreasonable search and seizure).
Interesting line you spout there Mr. AC! Given that an Oklahoma TV station actually gives out tips on how to make your home more burglar resistant, and RECOMMENDS that you "Install steel doors that aren't as easily kicked in and put in good deadbolts that extend at least one inch into the doorjamb", I'm gonna have to call BULLSHIT on your post. Reference, please?
Browsing at +1 - no ACs, I ignore their posts. So refreshing!
The government has been wrangling this legislation since (at least) the first iteration of the Patriot Act. There are no 4th amendment protections on electronic communications. None. People need to realize that. Since phone calls all traverse digital networks now, even those are subject to eavesdropping without a warrant.
The 4th amendment doesn't apply to communications, and barely applies to your personal spaces. This is the world we live in, the world which we have allowed to come about through our own laziness, ignorance, and fear. This should surprise no one.
Why would they need a warrant to access your email? They already have a copy of all your email, they just have to open their copy of it.
Also.. To those comparing it to snail mail, it's more akin to the amount of privacy when sending a postcard than a letter in an envelope.
These are essentially the same people who had solid intel that could have prevented the 9/11/2001 attacks, but did nothing with it.
At best, their excuse for this is that they just had too much information to process and could not sift out the relevant information.
And yet they continue to delve further and further into sources of information which wouldn't have identified any attack on us that's ever taken place. They just keep increasing their surveillance powers with no concrete justification and, in fact, most likely to the detriment of their ability to predict attacks.
At first, this was due to the culture of "doing something about something" which pervades politics now. An invisible solution that solves the problem doesn't get politicians reelected. A solution which is visible, controversial, and inconvenient allows pols to send the message that they're, "getting tough on _______". Most people in America are pretty stupid, shortsighted, and fearful so they go right along with this.
Now surveillance has become an end in and of itself. The legal framework for collecting basically any communications at all times has been laid and there's no more political capital to be gained from it. Now the paranoid, the statists, the contractors who need contracts have taken over the fight. They have the legislative framework already, so it's best to keep their operations as quiet as possible to avoid scrutiny of both the obvious unconstitutionality of their actions, and the immense budgets they are getting with no real justification or goals at all. The politicians benefit from the campaign contributions paid for by the tax dollars they funnel in to these companies, and so they keep towing the line.
I work in infosec, and you can even see this mentality at a corporate level when you have poor security management. More tools! More information! More money! Never mind that the quality of information keeps declining, the need for additional analysts to handle that information keeps increasing and that the incidents these systems are identifying are almost entirely the most trivial and inconsequential events which the organization experiences. Meanwhile, the tools fail to identify really serious issues because they're too immature to do so, and all the analysts are too busy chasing nonsense to have the time to look at the big picture. Policy and product-impacting security measures which would make a real difference are never implemented, because they're too much of a pain in the ass for the people holding the purse strings who, by the way, know absolutely nothing about security and even the regulatory framework in which they operate.
It's a failing of humans in general. You can see it pretty clearly in US foreign policy since WWII. We escalate conflicts we're ostensibly trying to avoid. We arm and fund people who will eventually become our enemies and cost us even more lives and money to eradicate.
Much webmail sent today isn't transmitted cleartext... because it's not sent between two mail providers. For example, if you log into Gmail with SSL, and send a mail to another Gmail account, it's not being sent cleartext across the Internet.
Furthermore, most email users don't know that emails are sent cleartext, particularly if they "see the padlock icon" when logging into the webmail provider, so they may actually expect that emails are sent encrypted, assuming they even know what encryption is. They know they can't read others' emails since they don't know the login credentials, thus conclude that emails are private (if they're unaware of man-in-the-middle attacks or sniffing). So, there's a de-facto expectation of privacy, thanks to ignorance.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
" Unfortunately, you've grown up hearing voices that incessantly warn of government as nothing more than some separate, sinister entity that's at the root of all our problems. Some of these same voices also do their best to gum up the works. They'll warn that tyranny always lurking just around the corner. You should reject these voices."
ie "What I'm planning to do isn't tyranny, it's a simple proctology exam."
"Because what they suggest is that our brave, and creative, and unique experiment in self-rule is somehow just a sham with which we can't be trusted."
No, it's a great but fragile thing that we all need to protect from tyrants so that it never ceases to be self-rule. Those barriers that "gum up the works" are a good thing because they help prevent power hungry dill-holes from trampling over everyone else.
Knowing the liberal left-leaning's penchant for retaliation, what is to stop them from exploiting the warrantless search to spy on election campaign offices...?
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
This is why I don't leave my mail on servers. It's deleted as it is downloaded to my local client, via old style POP3. Mail stored on my own personal property at home does still require a warrant to retrieve.
Yes, this means less convenience, I can't access my email archives wherever I go, but it discourages snooping from remote.
Pick a nice client like thunderbird/mozilla mail and read your mail the classic way - via desktop client. You can even set it to not delete messages on the server for X number of days, so you have your most recent correspondence online, but not the whole pile.
So, if everyone hates him why is he still the AG? I've heard nothing from the executive branch that event hints that he's in trouble with The Boss, and with the opportunity to switch horses at the start of the new (and final) term, why did Obama keep him on? That's the question.
The bad news is Supreme Court Precedent mostly supports the idea that they can search email without a warrant. There was an old case that says the phone numbers you call on your telephone have to be communicated to the phone company, and therefore you have no reasonable expectation of privacy in them. A reasonable expectation of privacy is required to have the warrant requirement apply.
The justices in that case grew up in an age when there were party telephone lines were still common--you could literally pick up your phone and you would hear your neighbor's phone conversation. They distinguished between different houses on the same phone line by the number of times the telephone would ring. To a justice who grew up being able to hear a neighbor's phone call, the intrusion would seem small.
The good news is that some of the newer justices have expressed a possible willingness to revisit some of that old case law; they are concerned about the erosion of privacy and the idea of a mosaic of non-private information perhaps revealing private information. While the justices are generally pro-prosecution (because most of them were prosecutors), they are also nine intelligent people who grasp at least some of the implications for privacy that exist in a data-driven world.
The other news is that even if email is not protected by the fourth amendment, it can be protected by Congress. Congress, however, tends not to do anything. (I think the most relevant legislation is from the early 80s or 90s--the Stored Communications Act, maybe?)
Don't need a warrant, wtf.
God damn Bush and Cheney! I can't believe they won the last four elections >:-(
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
The real purpose of the Second Amendment requires you read the whole thing.
"A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed."
Then look at this power of Congress
To raise and support Armies, but no Appropriation of Money to that Use shall be for a longer Term than two Years;
To provide and maintain a Navy;
The whole point is that in order to have a free country you can't have a standing Army. Standing Armies are very dangerous because typically leaders end up using them on their own people. So how do you stay secure without an Army? Have everyone armed like Switzerland. Nobody want to invade a country full of sharpshooter insurgents where everyone has a rifle and there is no command structure to surrender. Also you tend not to get in aggressive wars if your soldiers can just stay home.
We would be much freer and richer if instead of a standing Army when people turned 18 they were given basic training and a rifle and sent home. The purpose of maintaining a Navy is because it takes a while to build a ship and you can't invade with a Navy.
I love Jesus, except for his foreign policy.
Ironic twist of values in the USA. The former progressives now favor tyranny and the former neocons now champion freedom. Not sure what to make of my once predictable homeland.
-- Jimtown Kelly
They Republicans are the party of the Fat Cats, but the Democrats are the other party the Fat Cats can still have in their pockets. The Republicans make noise about freedom now just to sound relevant after the beating they took in 2012.
Your right to throw a punch stops at my nose. If a private business already provides a service, the government should not be providing it (and using tax dollars to compete with a private business). If a government employee can legally obtain information without identifying himself as a government employee, then he shouldn't need a warrant for it.
Any guest worker system is indistinguishable from indentured servitude.
Vote Peter or else government will keep thinking that with big power only comes big abuse of power.
Carnivore may have been around for 15 years, but that does not mean that the act of monitoring per se can be carried out without a proper court warrant --- until now
Muchas Gracias, Señor Edward Snowden !
Steenking badges.
re: can't even pronounce Diffie-Hellman, let alone know what it is.
;>) /. poll: your favorite non-SI units:
.
I don't give a Whitfield Diffie, let alone know what it is!
Listen, I'll get back to you in a Diffie with some of that mayonnaise. We call that East Coast Hellman's stuff "Best Foods" out here on the West Coast. That's what all that EastCoast-WestCoast fighting's all about, right?
.
That's a possibility for another
-- Diffie as time
-- Smoot as length
-- I don't give a Whitfield Diffie as a curse/swear
-- pinch as volume
etc.
Whenever a government entity says something blatantly controversial like this, it's a good rule of thumb to dig around and find out what they're trying to steer your attention away from.
Given the number of servers, gateways, routers, switches any average email gets routed through, it would generally be imprudent to assume that the information contained therein is any more secure than if it were written on a postcard and sent through the mail, with the addition that a copy of the postcard is retained each time it is handled. I can't comment technically on chat messages, but I would assume the same (or similar) to be true. It is illegal for anyone, including government, to open physical mail not addressed to them without judicial oversight, but to read a postcard? I don't think that requires a warrant, does it? It might require some degree of legalisation for the information gleaned to be admissible in a court of law, but even Mr Postman can do the gleaning without getting knuckles rapped. I would imagine that a similar principle applies to emails / chats etc. If I intended to communicate anything I believe could get me in trouble with the authorities, I definitely absolutely positively would NOT do so over email or chat. I imagine that anyone else with even a third of a brain would find other methods too, so governments intercepting emails will likely achieve nothing more than: 1) Creating a hell of a lot more work for already overworked analysts and 2) Seriously pissing off civil liberties groups and the citizenry in general. So, okay Govt.com go ahead and read all of our postcards to each other, see where it gets you. F#ckin' nowhere except closer to a revolution, I'll warrant.
This is not a surprise. Simply by putting some information, thoughts or whatever in an email or chat message and sending that to someone else, you lose whatever privacy rights you would've had if you had not shared. In other words, if you want privacy, don't share it. Theoretically, even after the message reaches its destination, a copy of the email or message is likely sitting on a server somewhere and because of that, as far as the DOJ is concerned, it is public information and therefore no warrant is necessary. That's the argument they are using. I think the debate will boil down to what constitutes public information when the data is encoded on a medium that is not the personal property of the sender even if that information is not readily accessible to anyone without expert hacking skills.
As our individual rights under the U.S. Constitution Bill of Rights continue to be stripped by Federalists our Republic continues to move towards becoming a Police State. The damage that has been done to our Constitution and Bill of Rights beginning with the passage of the National Security Act of 1947 has continued to alienate us from our individual rights with the passages of the subsequent National Security Acts and the enactments of the Patriot Acts. Today American citizens are spied upon by Federal Agencies without due process including the FBI; NSA; DHS; DOD - Defense Intelligence Agency; National Geospatial-Intelligence Agency (NGA); National Secuity Council; CIA; Secret Service; Director of National Intelligence - DNI; National Counter-terrorism Center - NCC; BATFE (ATF); ICE; and DEA to name the usual suspects.